Wednesday, July 12, 2017

We have made some enhancements to Assessment Mode to allow both managers and developers to better see the results of assessments. Managers are now also provided with feedback when creating assessments to ensure that the selected challenges are available. Details are these enhancements are below:

Manager Assessments Improvements

The following enhancements have been made to improve the experience of creating assessments and viewing their results:

Challenge Breakdown - Managers can now simply view the overall results of an assessment completed on a challenge level. This provides a manager a snapshot view of the strengths and weaknesses of the developers on a vulnerability category level.

Challenge Feedback - While creating an assessments, managers will now be notified if the selected criteria for a challenge cannot be met. This may occur when some types of vulnerabilities are not relevant for a particular language or they do not exist within the platform.

Developer Assessments Improvements

The following enhancements have been made to allow the developer to better understand how they went in their assessment:

Overall Assessment Breakdown - Developers are able to view a graphical representation of their assessment. The Developers' results across the different types of questions are clearly visible as well as the their overall progress. They are also able to see their overall score in comparison to the assessment group.

Strengths per category - A developer can click on individual categories to get a breakdown of their results in the category. This allows the developer to identify where their strengths and weaknesses are so they know where they need to focus their future training.

Monday, February 20, 2017

We have received a lot of feedback from managers on how important it is for them to keep track of user engagement on the Secure Code Warrior platform.

Understanding key metrics and being able to report on these over time using the existing CSV download has proven to be very useful in not only measuring engagement over time but also measuring the progress of users. Using the data available managers can gain useful insights such as the ability to see what effect time spent on the platform has had on the secure coding skills of their developers as well as being able to identify key areas for improvement.

Tracking activity on a regular basis and reporting is something that our clients tell us they do to ensure the success of the platform. To help with this we have created Weekly Activity Reports that Team Managers and Company Admins have the option to receive weekly via email.

The email report provides managers with a snapshot of the activity of users on the Secure Code Warrior over the past week:

User Summary - overview of total, invited, enabled and new users who joined.

Training Summary - statistics on time spent, top performers and most engaged users in the last 7 days

Tuesday, February 7, 2017

In the past twelve months, we have been closely engaging with our early adopter clients to understand how they are using Secure Code Warrior, what the objectives were they were trying to achieve and how the usage evolved over time. We observed that the type of rollout highly depended on their own objectives, the challenges they were trying to solve and the maturity in cybersecurity and training:

"There is no security culture in our development community"

They tried classic CBT training and developers responded: "boring", "not relevant", "too high-level" on most products on the market

They organised in classroom training and the quality highly depended on the trainer, the developer's relevant experience in the coding language and the skill level of the developers in the class

They want something which ENGAGES the developers and makes them AWARE about security issues in software development.

"There is awareness but it does not result into less vulnerabilities"

They felt that everyone understood the importance of security but it was not always consistently applied in the code and the source code analysers consistently found the same flaws.

They want something which allows the developers to PRACTICE on different situations and measure the overall SKILL level of the developer community

"There is a trained developer community but we need it formalised to compare internal and suppliers"

Suppliers, contractors or new starters did not have the same level of training the internal developers had received.

Company or cultural context requires certificates to be handed out upon achieving objectives

A career path or skill progression model was required

They want to formally assess the SKILL level of the developer community and suppliers.

Friday, January 27, 2017

It has been two years now since we made a leap into the unknown and started working on our mission to change the (insecure) behavior of thousands of developers globally

20,000 hours of hands-on exercises have been consumed in the last year by developers located in 62 countries. Every day around 100 users are online improving their secure coding skills because they want to become better and more secure developers.

Two of the global banks and two US credit companies are our customers as they understand that moving faster (Agile/DevOps) means automation and more autonomy (also in security architecture and secure coding). Most of them have realised that video training has failed to build skills and classroom training is not scalable or economically efficient for hundreds of developers.

We released more than 50 free learning modules on secure coding under Common Creative (allowing any person or company to re-use) and have facilitated free hands-on workshops on secure coding at NDC Sydney, OWASP Melbourne, OWASP BeNeLux, OWASP London, OWASP Delhi, CyberSecurityChallenge Belgium and NULL Singapore.

Next to our hands-on Training Mode, we have built Assessment Mode to verify competency and Tournament Mode (in beta) to create the required engagement with developers by gamifying even further. Next to supporting JAVA Spring, JAVA Enterprise an C# MVC, we have added hundreds of challenges for C# MVC, Node.js, Ruby on Rails and Python Django.

We expanded our sales and engineering capabilities and are now present in Boston, London, Sydney, Bangalore and Bali (our engineer with the best life-work-balance).

We also received quite a lot support from early-adopter clients (in Australia, Switzerland, US and Belgium) with lots and lots valuable feedback that have led to all the improvements, content and new features! And a year later, all of them are still our clients.

Last, we have received significant support from CSIRO Data61 (Australia, thanks Daniella), Craig Davies (ex-Atlassian, ACSGN) and an awesome bunch on individuals that have written articles, talked or tweeted about us. Thanks for your support.

We are extremely proud on having achieved all the above in our 2nd year! Toddler years ... bring it on!